SafeDep/vet
A CLI tool for real-time malicious package detection and software supply chain security across multiple ecosystems.
What is SafeDep/vet?
SafeDep Vet is a command-line tool that protects software projects from malicious open-source dependencies and supply chain attacks. It analyzes package manifests, container images, and SBOMs to detect malware, prioritize vulnerabilities based on actual code usage, and enforce security policies. The tool integrates into CI/CD pipelines to provide proactive, noise-reducing security guardrails.
Developers, DevOps engineers, and security teams managing software supply chains across multiple ecosystems (npm, PyPI, Maven, Go, etc.) who need to enforce security policies and detect malicious dependencies. It is particularly suited for teams integrating security scanning into CI/CD workflows like GitHub Actions or GitLab CI.
Developers choose Vet over traditional SCA tools because it cuts through CVE noise by analyzing actual code usage to prioritize only relevant risks and offers real-time zero-day malware detection through behavioral analysis. Its policy-as-code approach using CEL expressions allows for customizable, context-specific security enforcement across diverse package managers and formats.
Overview
Protect against malicious open source packages 🤖
Use Cases
Best For
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
